[
https://issues.apache.org/jira/browse/SOLR-15296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17309838#comment-17309838
]
Zhenxu Ke commented on SOLR-15296:
----------------------------------
Yes! I also found PermissionNameProvider might be a better place to achieve my
goal, if we could add, for example, PermissionNameProvider.None to indicate an
endpoint does not need auth, then I can just put the permission on my login
endpoint.
> Provide allowlisting mechanism in the JWT auth plugin to ignore paths like
> login
> --------------------------------------------------------------------------------
>
> Key: SOLR-15296
> URL: https://issues.apache.org/jira/browse/SOLR-15296
> Project: Solr
> Issue Type: Wish
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Authorization, Plugin system
> Reporter: Zhenxu Ke
> Priority: Major
>
> I'm recently working (with [~epugh] ) on YASA to make it work under the auth
> plugins.
>
> I saw in the codes that the authenticator allowlists the Admin login path
> `{{/solr/` explicitly}}, while for YASA, its path must start with `{{/v2`}} ,
> not matching the whitelisted paths and will be intercepted, hence the login
> page won't be reached and redirected, I also didn't find a allowlisting
> mechanism in the JWT auth plugin, and
> [RBAP|https://nightlies.apache.org/Solr/Solr-reference-guide-main/rule-based-authorization-plugin.html]
> doesn't seem to fit this case either. So I'm wondering if it's possible to
> provide allowlisting mechanism in the JWT auth plugin, so that users can
> configure the login paths for plugins like YASA to work?
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
